
Untitled

a guest
Jan 16th, 2019
WebView
===
WebView myWebView = (WebView) findViewById(R.id.webview);
WebSettings webSettings = myWebView.getSettings();
// JavaScript is off by default in a WebView; this turns it on for all content the view loads.
webSettings.setJavaScriptEnabled(true);

https://content-security-policy.com/

iOS app
1. Apps run as the "mobile" user
/Applications - pre-installed apps
/var/mobile/Applications - downloaded apps
iOS 8 - /var/mobile/Bundle/Applications

iOS app directory structure
1. [app].app
2. Documents
3. Library
4. Library/Preferences
5. Library/Caches
6. tmp

Once an iOS application is put in the background, iOS takes a snapshot of the current screen. To protect it from being read by others, set the secure flag on the input field.

binary file
plutil - to read binary file
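
A check that follows from the notes on Library/Preferences and plutil, as an added example that is not part of the original paste: it decodes a preferences plist (binary or XML) with Python's plistlib and lists the keys whose names suggest a stored secret. The key-name pattern and the sample data are assumptions constructed for illustration.

```python
import plistlib
import re

# Assumption: key names that suggest a secret; tune for the app under review.
SENSITIVE_KEY = re.compile(r"password|passwd|secret|token|api[_-]?key|session", re.I)


def walk(node, path=""):
    """Yield (key_path, value) for every leaf of a decoded plist."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    else:
        yield path, node


def audit_plist(raw: bytes):
    """Decode an XML or binary plist; return key paths that look like stored secrets."""
    data = plistlib.loads(raw)  # format is auto-detected (bplist00 header or XML)
    findings = []
    for key_path, value in walk(data):
        leaf = key_path.rsplit("/", 1)[-1]
        # Only non-empty string/data values count: booleans and numbers are not secrets.
        if SENSITIVE_KEY.search(leaf) and isinstance(value, (str, bytes)) and value:
            findings.append(key_path)
    return sorted(findings)


# Constructed sample standing in for a file under Library/Preferences.
SAMPLE_PREFS = plistlib.dumps(
    {
        "username": "demo",
        "rememberMe": True,
        "password": "constructed-password",
        "accounts": [{"id": 1, "authToken": "constructed-token-value"}],
    },
    fmt=plistlib.FMT_BINARY,
)

if __name__ == "__main__":
    for hit in audit_plist(SAMPLE_PREFS):
        print("possible secret stored in preferences plist:", hit)
```

Values flagged this way belong in the keychain rather than in a preferences file.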

Tables that start with Z --> core table

https://github.com/ptoomey3/Keychain-Dumper
http://osxdaily.com/2016/03/10/convert-plist-file-xml-binary-mac-os-x-plutil/
https://github.com/Chronic-Dev/libplist/blob/master/plutil/plutil.c
https://androidtamer.com/tamer4-release
http://iphonedevwiki.net/index.php/Cycript_Tricks
https://www.hacksplaining.com
https://www.cvedetails.com/
https://www.first.org/cvss/calculator/3.0
http://cwe.mitre.org/top25/
https://www.sans.org/top25-software-errors
https://www.owasp.org/images/b/bc/OWASP_Top_10_Proactive_Controls_V3.pdf
https://www.owasp.org/index.php/OWASP_Proactive_Controls
https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

vm> tcpdump -w <filename>.pcap -s 0

Desktop > strings ly.pcap | grep 'demo'

iOS v9 - /var/mobile/Containers/Data/Application

class-dump <binaryfile> > binaryfile.txt

DRM protected.
Need to reverse engineer as below:
$ clutch <applicationname>
$ unzip <path_applicationname>.ipa
$ cd <appname>.app
$ class-dump <filename>*

$ ps aux | grep challenge5
$ cycript -p <processId>
in Objective-C language
cy# UIApp.windows
cy# UIApp.keyWindow.rootViewController.output.text='abc'
UIApp.keyWindow.rootViewController

/private/var/Keychain/keychain2-

/usr/bin


[UIApp.keyWindow.rootViewController loggedIn]

[i for (i in *UIApp)]

Tools = $ mobsf (pre-installed with tamer)